Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Where can I find detailed documentation on best practices deploying search head and indexer clusters?

rewritex
Contributor
‎06-06-2016 07:21 PM

There is quite a lot of documentation about doing a Splunk deployment and I just want to see if anyone has a consolidate source/weblink on the subject. I am currently putting together a cluster and reading up on the activities ... I have a simple setup running now with a search head cluster and an indexer cluster, but I have many questions on a few things, do's-don'ts, best method, howto's ...etc

  1. Looking for step-by-steps docs on bringing in my indexed data and search apps/configs ... 1a. looking for current step-by-step cluster deployment docs/links!
  2. Looking for any purty and nice workflows with pop-up pictures ...
  3. Do I need a deployer, deployment server, master, and license server?
  4. Is a captain for search heads a current thing?

Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎06-07-2016 11:48 AM

This is a good place to start:

http://docs.splunk.com/Documentation/Splunk/6.4.1/Deploy/Indexercluster

It provides an overview procedure for deploying an indexer cluster (with, optionally, a search head cluster), with links out to other material that contains all the detailed steps. Setting up both indexer cluster and search cluster requires extensive configuration, so go through that high-level procedure carefully and follow all the links to the detailed procedures.

Also, regarding your other questions:

3) You might be able to combine the functionality of master and deployer, depending on your load. See: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/Systemrequirements#Additional_roles_for_th...

4) In a search head cluster, the captain is the member that controls the cluster. See http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/SHCarchitecture#Search_head_cluster_cap...

View solution in original post

Reply
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎06-07-2016 11:48 AM

This is a good place to start:

http://docs.splunk.com/Documentation/Splunk/6.4.1/Deploy/Indexercluster

It provides an overview procedure for deploying an indexer cluster (with, optionally, a search head cluster), with links out to other material that contains all the detailed steps. Setting up both indexer cluster and search cluster requires extensive configuration, so go through that high-level procedure carefully and follow all the links to the detailed procedures.

Also, regarding your other questions:

3) You might be able to combine the functionality of master and deployer, depending on your load. See: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/Systemrequirements#Additional_roles_for_th...

4) In a search head cluster, the captain is the member that controls the cluster. See http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/SHCarchitecture#Search_head_cluster_cap...

Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...